- Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
- Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
- OverflowAI GenAI features for Teams
- OverflowAPI Train & fine-tune LLMs
- Labs The future of collective knowledge sharing
- About the company Visit the blog
Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Get early access and see previews of new features.
Ineffective Assignment to Field when trying to update a Struct in Go
I'm getting the linting error
when I try to use a struct method LevelUp to update the struct's value Player.Level :
p.Level also remains 0 after calling p.LevelUp() . What is the proper way to call a method that updates the value of a field of the struct this method is attached to?
Each parameter including the receiver is copied upon entering the function / method. When you return, the changes made to the copy are lost. That's why you get a warning: you modify a field which you never use: you don't use in in the method after the assignment, and you can't possibly use it anywhere else, because after returning from the method, the effect of the assignment is lost.
If you need to retain the changes, you must use a pointer receiver ( p *Player ) and modify the pointed object ( p.Level++ will do just that).
This will output (try it on the Go Playground ):
See related:
My object is not updated even if I use the pointer to a type to update it
How to modify the value of a simple type through pointer receiver method in Go?
Why can't I append to a slice that's the property of a struct in golang?
Your Answer
Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more
Sign up or log in
Post as a guest.
Required, but never shown
By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .
Not the answer you're looking for? Browse other questions tagged go methods struct or ask your own question .
- The Overflow Blog
- Where developers feel AI coding tools are working—and where they’re missing...
- Masked self-attention: How LLMs learn relationships between tokens
- Featured on Meta
- User activation: Learnings and opportunities
- Preventing unauthorized automated access to the network
- Should low-scoring meta questions no longer be hidden on the Meta.SO home...
- Announcing the new Staging Ground Reviewer Stats Widget
Hot Network Questions
- Why would elves care what happens to Middle Earth?
- Were Soviet doctors and nurses actually as callous as "Voices from Chernobyl" portrays in the prologue?
- Do mathematicians care about the validity ("truth") of the axioms?
- FIFO capture using cat not working as intended?
- Is it possible to speed up this function?
- Why was Z moved to the end of the alphabet when Zeta was near the beginning?
- All combinations of ascending/descending digits
- Is there a fast/clever way to return a logical vector if elements of a vector are in at least one interval?
- What exactly do I buy when I buy an index-following ETF?
- Are the model implementations in Hugging Face’s transformers library created by the original model authors or by Hugging Face?
- Simulate people leaving a cocktail party
- Tikz: On straight lines moving balls on a circle inside a regular polygon
- Villager won't turn to zombie
- Why do evacuations result in so many injuries?
- Easily unload gravel from pickup truck
- On a glassed landmass, how long would it take for plants to grow?
- Is it actually really easy to state conjectures, which are open and on the first view really hard to prove?
- A military space Saga with a woman who is a brilliant tactician and strategist
- How can I draw the intersection of a plane with a dome tent?
- Thunderbird will not create profile in chosen folder on a different partition
- Why does Voyager use consumable hydrazine instead of reaction wheels that only rotate when moving the spacecraft?
- What evidence exists for the historical name of Kuwohi Mountain (formerly Clingmans Dome)?
- Expected value of a matrix = matrix of expected value?
- Waiting girl's face
HatchJS.com
Cracking the Shell of Mystery
Ineffectual Assignment to Err: What It Is and Why It Matters
Ineffectual Assignment to Err: Why It’s Important to Empower Employees
In today’s fast-paced business world, it’s more important than ever to empower employees to make decisions and take risks. However, many managers are still reluctant to give their employees the freedom to err. They worry that if employees make mistakes, it will reflect poorly on them as managers.
But the truth is, mistakes are a natural part of learning and growth. In fact, some of the most successful companies are the ones that encourage employees to take risks and experiment. By giving employees the freedom to err, managers can create a more innovative and productive workplace.
In this article, we’ll explore the importance of ineffectual assignment to err, and we’ll provide tips for managers on how to create a culture of innovation and risk-taking.
| Column 1 | Column 2 | Column 3 | |—|—|—| | Ineffectual Assignment to Err | Definition | Example | | An ineffectual assignment to err occurs when a variable is assigned to the err object without first checking if the err object exists. This can lead to errors being silently ignored, which can make it difficult to debug your code. | const err = new Error(‘This is an error’);
// This will silently ignore the error const foo = err;
// To avoid this, you should first check if the err object exists before assigning it to a variable if (err) { const foo = err; } | | How to Fix | Prevention | Remediation | | To fix an ineffectual assignment to err, you should first check if the err object exists before assigning it to a variable. You can do this using the `if` statement or the `typeof` operator. | To prevent an ineffectual assignment to err, you should always check if the err object exists before assigning it to a variable. | To remediate an ineffectual assignment to err, you can either remove the assignment or add a check to ensure that the err object exists. |
What is ineffectual assignment to err?
Ineffectual assignment to err (IAE) is a type of error that occurs when a computer program is unable to correctly identify the correct error-handling code to execute. This can lead to the program crashing or producing incorrect results.
IAE can occur for a variety of reasons, including:
- Improper error handling: The program may not have any error handling code at all, or the error handling code may be incorrect.
- Incorrect error codes: The program may be using incorrect error codes, which can lead to the wrong error-handling code being executed.
- Uncaught exceptions: The program may not be catching all exceptions, which can lead to errors being silently ignored.
IAE can have a significant impact on the reliability and performance of a computer program. It can also make it difficult to debug and fix errors, as the program may crash or produce incorrect results without any obvious indication of what went wrong.
Causes of ineffectual assignment to err
There are a number of factors that can contribute to IAE, including:
- Improper error handling: As mentioned above, improper error handling can lead to IAE. This can occur when the program does not have any error handling code at all, or when the error handling code is incorrect.
- Incorrect error codes: Incorrect error codes can also lead to IAE. This can occur when the program is using error codes that do not correspond to the actual errors that are occurring.
- Uncaught exceptions: Uncaught exceptions can also lead to IAE. This can occur when the program does not catch all exceptions, which can lead to errors being silently ignored.
- Complex code: Complex code can also make it more difficult to write correct error handling code. This is because complex code can be more difficult to understand, which can make it more difficult to identify and fix errors.
- Insufficient testing: Insufficient testing can also contribute to IAE. This is because insufficient testing can make it more likely that errors will be introduced into the program.
There are a number of factors that can contribute to IAE, including improper error handling, incorrect error codes, uncaught exceptions, complex code, and insufficient testing.
By understanding the causes of IAE, developers can take steps to prevent it from occurring in their own code. This can help to improve the reliability and performance of their programs, and make it easier to debug and fix errors.
3. Consequences of ineffectual assignment to err
Ineffectual assignment to err can have a number of negative consequences, including:
- Decreased productivity: When employees are not held accountable for their mistakes, they may become less motivated to do their work correctly. This can lead to decreased productivity and increased costs for the organization.
- Damage to morale: When employees see that their mistakes are not being addressed, they may become frustrated and demoralized. This can lead to decreased employee engagement and turnover.
- Loss of trust: When employees see that their managers are not taking responsibility for their mistakes, they may lose trust in the leadership team. This can make it difficult to build a cohesive and productive work environment.
- Legal liability: In some cases, ineffectual assignment to err can lead to legal liability for the organization. For example, if an employee makes a mistake that results in a customer injury or property damage, the organization may be held liable if it can be shown that the employee was not properly trained or supervised.
4. How to address ineffectual assignment to err
There are a number of things that organizations can do to address ineffectual assignment to err, including:
- Create a culture of accountability: Leaders should create a culture of accountability by setting clear expectations for employees, providing regular feedback, and holding employees accountable for their mistakes.
- Implement a formal disciplinary process: Organizations should have a formal disciplinary process in place to ensure that employees who make mistakes are held accountable. This process should be fair and consistent, and it should be communicated to employees in advance.
- Provide training and development opportunities: Organizations should provide employees with the training and development opportunities they need to do their jobs correctly. This training should be tailored to the specific needs of the organization and its employees.
- Create a supportive work environment: Leaders should create a supportive work environment where employees feel comfortable admitting their mistakes and learning from them. This can be done by providing employees with opportunities to give and receive feedback, and by creating a climate of trust and respect.
By taking these steps, organizations can help to address ineffectual assignment to err and create a more productive and successful work environment.
Ineffectual assignment to err can have a number of negative consequences for organizations, including decreased productivity, damaged morale, loss of trust, and legal liability. However, by creating a culture of accountability, implementing a formal disciplinary process, providing training and development opportunities, and creating a supportive work environment, organizations can help to address ineffectual assignment to err and create a more productive and successful work environment.
Q: What is an ineffectual assignment to err?
An ineffectual assignment to err occurs when a variable is assigned the value of `err`, which is a built-in error object in JavaScript. This can cause problems because the variable will not be able to hold any other value, and any attempt to do so will result in an error.
Q: Why is an ineffectual assignment to err a problem?
An ineffectual assignment to err can cause problems because it can prevent you from assigning a value to the variable. This can make it difficult to track errors or to debug your code. Additionally, an ineffectual assignment to err can cause your code to crash if you try to use the variable for anything other than storing an error.
Q: How can I avoid an ineffectual assignment to err?
There are a few ways to avoid an ineffectual assignment to err. One way is to use the `catch` clause of a try-catch block to catch errors and handle them appropriately. Another way is to use the `.catch()` method of the Promise object to handle errors. Finally, you can use the `.throw()` method of the Error object to throw a custom error.
Q: What are some examples of ineffectual assignment to err?
The following are some examples of ineffectual assignment to err:
javascript var err = new Error(‘This is an error’); var x = err; // This is an ineffectual assignment to err because the variable `x` cannot be assigned any other value.
try { throw new Error(‘This is an error’); } catch (err) { // This is not an ineffectual assignment to err because the variable `err` is being used to store the error object that was thrown. }
var promise = new Promise((resolve, reject) => { reject(new Error(‘This is an error’)); }); promise.catch((err) => { // This is not an ineffectual assignment to err because the variable `err` is being used to store the error object that was thrown by the promise. });
Q: What is the difference between an ineffectual assignment to err and a regular assignment to err?
An ineffectual assignment to err occurs when a variable is assigned the value of `err`, which is a built-in error object in JavaScript. A regular assignment to err occurs when a variable is assigned the value of an object that inherits from the Error object. The main difference between the two is that an ineffectual assignment to err will prevent you from assigning any other value to the variable, while a regular assignment to err will not.
Q: How can I fix an ineffectual assignment to err?
To fix an ineffectual assignment to err, you can either use the `catch` clause of a try-catch block to catch errors and handle them appropriately, or you can use the `.catch()` method of the Promise object to handle errors. Finally, you can use the `.throw()` method of the Error object to throw a custom error.
Ineffectual assignment to err is a common problem in software development. It occurs when a developer assigns a value to a variable that is not used in the code. This can lead to errors and bugs that can be difficult to track down.
There are a number of reasons why ineffectual assignment to err occurs. One reason is that developers may not be aware of the problem. Another reason is that developers may be under pressure to meet deadlines and may not take the time to check their code carefully.
Ineffectual assignment to err can be prevented by following a few simple steps. First, developers should be aware of the problem and should take steps to avoid it. Second, developers should use a compiler or linter to check their code for errors. Third, developers should test their code thoroughly before deploying it to production.
By following these steps, developers can help to prevent ineffectual assignment to err and ensure that their code is free of errors.
Here are some key takeaways from this content:
- Ineffectual assignment to err is a common problem in software development.
- It occurs when a developer assigns a value to a variable that is not used in the code.
- This can lead to errors and bugs that can be difficult to track down.
- There are a number of reasons why ineffectual assignment to err occurs.
- Developers can prevent ineffectual assignment to err by following a few simple steps.
Author Profile
Latest entries
- December 26, 2023 Error Fixing User: Anonymous is not authorized to perform: execute-api:invoke on resource: How to fix this error
- December 26, 2023 How To Guides Valid Intents Must Be Provided for the Client: Why It’s Important and How to Do It
- December 26, 2023 Error Fixing How to Fix the The Root Filesystem Requires a Manual fsck Error
- December 26, 2023 Troubleshooting How to Fix the `sed unterminated s` Command
Similar Posts
How long does polyjuice potion last (the definitive guide).
Have you ever wondered how long does polyjuice potion last? In the Harry Potter series, this magical potion is used to transform one person into another. But how long does the transformation last? And what are the side effects? In this article, we’ll explore the science behind polyjuice potion and answer all your questions. Time…
GC Overhead Limit Exceeded in SQL Developer: Causes and Solutions
GC Overhead Limit Exceeded in SQL Developer: What It Is and How to Fix It The garbage collector (GC) is a critical component of Java that manages the allocation and deallocation of memory. When the GC overhead becomes too high, it can lead to performance problems and even application crashes. This is a common issue…
Splunk Bin vs Bucket: What’s the Difference?
Splunk Bin vs Bucket: What’s the Difference? Splunk is a powerful tool for collecting, analyzing, and visualizing data. But what are bins and buckets, and how do they differ? In this article, we’ll take a closer look at bins and buckets, and we’ll discuss how they’re used in Splunk. We’ll also provide some tips on…
TensorFlow Lite XNNPACK Delegate for CPU: A Performance Boost for Edge Devices
TensorFlow Lite XNNPACK Delegate for CPU: Accelerating Deep Learning on Mobile Devices Deep learning is a powerful tool that is used in a wide variety of applications, from image recognition to natural language processing. However, deep learning models can be computationally expensive to run, which can make them impractical for use on mobile devices. The…
Zsh Alias with Parameter: A Guide to Creating Custom Commands
Zsh Alias with Parameter: A Quick Guide Zsh is a powerful shell that offers a wide range of features, including the ability to create aliases. Aliases are shortcuts that allow you to type a shorter command to perform a task that would otherwise require a longer, more complex command. For example, you could create an…
What does KLK mean in Spanish?
KLK: What Does It Mean in Spanish? The Spanish word “KLK” is an acronym for “Qu lstima!”, which means “What a pity!” or “What a shame!”. It is often used to express disappointment, sadness, or frustration. KLK can be used in a variety of situations, such as when someone is late for an appointment, when…
How to Detect Unused Variables After Reassignment?
Hello everyone,
I’ve been working with Go and encountered a situation where I need to detect unused variables that have been reassigned. Specifically, I have code where an error variable ( err ) is reassigned and not checked after the reassignment. Here’s a simplified example:
In any case you would need to add a check (if) for this variable. For example add this lines to your code, (1) before the secod Atoi and after that Atoi.
fmt.Printf("%v:%v\n", &err, err)
In the first case as any error happened, err is nil. and in the second print your err has some value.:
That way you are sure it is a different variable from the previous one and it is only used in that scope, the narrow of teh scope, the better…
There are static code checkers which detect such, for example golangci-lint and staticcheck
@Helmut_Wais
Thank you! I think I’ll adopt it since it can be detected by golangci-lint.
ineffectual assignment to err (ineffassign)
checklist.
- Extension version: build from source
- Operating system and version: Debian testing
- Gitlab.com or self-managed instance? gitlab.com/self-managed instance/both
- GitLab version (if self-managed) GitLab version here (Use the version endpoint, like this: gitlab.my-company.com/api/v4/version)
- I have performed glab auth status to check for authentication issues
Summary
- run make check
- Notice the following
What is the expected correct behavior?
Linting should be a-ok.
Relevant logs and/or screenshots
possible fixes.
I have a branch ready with a potential fix
Two linters I'll always add to new Go projects: errcheck and ineffassign
Jul 17, 2020
The reason for that is that they are the best bang for your buck by far. They are easy to appease, I have yet to see them produce false positives, they very frequently catch outright buggy code and retrofitting them is a pain.
ineffassign
This is the sort of thing that ineffassign prevents:
This is perfectly valid code, and will write garbage sometimes, without any indication whatsoever. Yes, Go does refuse to compile code like this
because data is not used, but declaring a variable and then immediately overwriting its value is perfectly legal and almost never what you want. At best the variable was never needed, in which case a _ is a good way to signal it, or it was meant to be used and ineffassign found a bug.
I’ve seen this pattern frequently enough in tests, where part of the test code accidentally doesn’t check intermediate errors or return values, leading to parts of the test silently breaking over time.
To its credit, gopls does check for this now .
In a similar vein, errcheck enforces checking error return values. In Go, errors are values, and unlike other 1 languages 2 , nothing enforces they are checked.
This is valid:
And so are all these:
The only difference is that the first example carries no indication where this was intentional or not. errcheck enforces that error values are at least assigned to _ , therefore being explicit that a decision was made to ignore the error 3 .
One case where this matters is when writing new code. It’s easy enough to forget about checking all error returns of all functions called. Again, tests passing by accident is a very frequent occasion, and so is production code.
Another also interesting case is functions changing signatures. When adding an error return to a function that previously returned nothing or updating a dependency that does so, you probably want to verify all the call sites, at the very least making the executive choice to explicitly ignore the errors.
Retrofitting using golangci-lint
golangci-lint has positioned itself as the tool everyone uses on CI, and I’d say with good reason. It supports many linters, has improved massively over the past couple of years and has facilities for wiring up into existing codebases by only checking code that changes 4 , allowing for incremental cleanup.
For example:
No one has to fix the unchecked error, until they touch the call in bar() . This works well, until you realise there are transformations where this heuristic falls flat. This is still true according to the latest golangci-lint, 1.28.3.
Here is an example of this in action:
Since the call to foo() is not touched, golangci-lint considers the unchecked error pre-existing and does not report it! The check is completely elided on changes that simply go from zero returns to a single error return. This simply makes the check not as useful as it could be, allowing regressions to merge over time.
The other problem with retrofitting is that the cleanup can be boring and take a long time. Clearing hundreds for errors in bulk is mind-numbing. Merely shifting around existing code might require fixing existing issues, unrelated to the change at hand.
Why go through that, when simply adding these linters from the start does the trick and saves you from bugs?
Addendum - 18th July
I got a bit curious about k8s’ code, and ran ineffassign against it. There is one case where ineffassign could be considered noisy, and that is using foo := true instead of var foo bool :
The code in question:
This nudges towards var exist bool or bool := false . Clearly there is no bug here, the result is the same either way, so it boils down to the style used when declaring variables.
good ↩
Rust ↩
Not necessarily a good decision, you can always find yourself staring at git blame wondering why. ↩
according to git and revgrep, using the new- settings in the config . Nowadays it works, a long time ago I found out the hard way it didn’t ↩
Trail of Bits Blog
Security assessment techniques for go projects.
- November 7, 2019
The Trail of Bits Assurance practice has received an influx of Go projects, following the success of our Kubernetes assessment this summer. As a result, we’ve been adapting for Go projects some of the security assessment techniques and tactics we’ve used with other compiled languages.
We started by understanding the design of the language, identifying areas where developers may not fully understand the functionality of a language semantic. Many of these misunderstood semantics originated from findings we reported to our clients and independent research into the language itself. While not exhaustive, some of these problem areas include scoping, coroutines, error handling, and dependency management. Notably, many of theses are not directly related to the runtime. The Go runtime itself is designed to be safe by default, preventing many C-like vulnerabilities.
With a better understanding of the root causes, we searched for existing tooling to help us quickly and effectively instrument client codebases. The result was a sample of static and dynamic open-source tools, including several that were Go-agnostic. To complement these tools, we also identified several compiler configurations that help with instrumentation.
Static analysis
Because Go is a compiled language, the compiler detects and prevents many potentially erroneous patterns before the binary executable is even produced. While this is a major annoyance for newer Go developers, these warnings are extremely important in preventing unexpected behavior and keeping code clean and readable.
Static analysis tends to catch a lot of very low hanging fruit not included in compiler errors and warnings. Within the Go ecosystem, there are many disparate tools such as go-vet , staticcheck , and those within the analysis package. These tools typically identify problems like variable shadowing, unsafe pointer use, and unused function return values. Investigating the areas of a project where these tools display warnings typically leads to exploitable functionality.
These tools are by no means perfect. For example, go-vet can miss very common accidents like the one below, where the A function’s err return value is unused, and immediately reassigned during the assignment of bSuccess on the left-hand side of the expression. The compiler will not provide a warning, and go-vet does not detect this; nor does errcheck . In fact, the tools that successfully identify this case (non-exhaustive) are the aforementioned staticcheck and ineffassign , which identify the err return value of A as unused or ineffectual.
Figure 1: An example program showing an ineffectual assignment of err tricking go-vet and errcheck into considering err as checked.
Figure 2: The output of the example program, along with errcheck, go-vet, staticcheck, and ineffassign.
When you look deeper into this example, you may wonder why the compiler does not warn on this problem. The Go compiler will error when variables are not used within a program, but this example successfully compiles. This is caused by the semantics of the “short variable declaration.”
Figure 3: The grammar specification of the “short variable declaration.”
According to the specification, the short variable declaration has the special ability to redeclare variables as long as:
- The redeclaration is in a multi-variable short declaration.
- The redeclared variable is declared earlier in the same block or function’s parameter list.
- The redeclared variable is of the same type as the previous declaration.
- At least one non-blank variable in the declaration is new.
All of these constraints hold in the previous example, preventing the compiler from producing errors for this problem.
Many tools have edge cases like this where they are unsuccessful in identifying related issues, or identify an issue but describe it differently. Compounding the problem, these tools often require building the Go source code before analysis can be performed. This makes third-party security assessments complicated if the analysts cannot easily build the codebase or its dependencies.
Despite these pitfalls, when put together, the available tools can provide good hints as to where to look for problems within a given project, with just a little bit of effort. We recommend using gosec , go-vet , and staticcheck , at a minimum. These have the best documentation and ergonomics for most codebases. They also provide a wide variety of checks (such as ineffassign or errcheck ) for common issues, without getting too specific. For more in-depth analysis of a particular type of issue, however, one might have to use the more specific analyzers, develop custom tooling directly against the SSA , or use $emmle .
Dynamic analysis
Once static analysis has been performed and the results have been reviewed, dynamic analysis techniques are typically the next step for deeper results. Due to Go’s memory safety, the problems normally found with dynamic analysis are those that result in a hard crash or an invalidation of program state. Various tools and approaches have been built to help identify these types of issues within the Go ecosystem. Additionally, it’s possible to retrofit existing language-agnostic tooling for the dynamic testing of Go software, which we show next.
The best-known dynamic testing tool in the Go space is likely Dimitry Vyukov’s implementation of dvyukov/go-fuzz . This tool allows you to quickly and effectively implement mutational fuzzing. It even has an extensive wall of trophies . More advanced users may also find the distributed fuzzing and libFuzzer support useful when hunting for bugs.
Google also produced a more primitive fuzzer with a confusingly similar name, google/gofuzz , that assists users by initializing structures with random values. Unlike Dimitry’s go-fuzz , Google’s gofuzz does not generate a harness or assist with storing crash output, fuzzed input, or any other type of information. While this can be a downside for testing some targets, it makes for a lightweight and extensible framework.
For the sake of brevity, we refer you to examples of both tools in their respective READMEs.
- google/gofuzz#gofuzz
- dvyukov/go-fuzz#usage
Property testing
Diverging from more traditional fuzzing approaches, Go’s testing package (typically used for unit and integration testing) provides the testing/quick sub-package for “black box testing” of Go functions. In other terms, it is a basic primitive for property testing. Given a function and generator, the package can be used to build a harness to test for potential property violations given the range of the input generator. The following example is pulled directly from the documentation .
Figure 4: The OddMultipleOfThree function is being tested, where its return value should always be an odd multiple of three. If it’s not, the f function will return false and the property will be violated. This is detected by the quick. Check function.
While the functionality provided by this package is acceptable for simple applications of property testing, important properties do not often fit well into such a basic interface. To address these shortcomings, the leanovate/gopter framework was born. Gopter provides a wide variety of generators for the common Go types, and has helpers to assist you in creating your own generators compatible with Gopter. Stateful tests are also supported through the gopter/commands sub-package, which is useful for testing that properties hold across sequences of actions. Compounding this, when a property is violated, Gopter shrinks the generated inputs. See a brief example of property tests with input shrinking in the output below.
Figure 5: The testing harness for the Compute structure.
Figure 6: Executing the test harness and observing the output of the property tests, where Divide fails.
Fault injection
Fault injection has been surprisingly effective when attacking Go systems. The most common mistakes we found using this method involve the handling of the error type. Since error is only a type in Go, when it is returned it does not change a program’s execution flow on it’s own like a panic statement would. We identify such bugs by enforcing errors from the lowest level: the kernel. Because Go produces static binaries, faults must be injected without LD_PRELOAD . One of our tools, KRF , allows us to do exactly this.
During our recent assessment of the Kubernetes codebase, the use of KRF provided a finding deep inside a vendored dependency, simply by randomly faulting read and write system calls spawned by a process and its children. This technique was effective against the Kubelet, which commonly interfaces with the underlying system. The bug was triggered when the ionice command was faulted, producing no output to STDOUT and sending an error to STDERR . After the error was logged, execution continued instead of returning the error in STDERR to the caller. This results in STDOUT later being indexed, causing an index out of range runtime panic.
Figure 7: The shortened callstack of the resulting Kubelet panic.
Figure 8: The logging of STDERR without returning the error to the caller.
Figure 9: The attempted indexing of STDOUT, even though it is empty. This is the cause of the runtime panic.
For a more complete walkthrough containing reproduction steps, our Kubernetes Final Report details the use of KRF against the Kubelet in Appendix G (pg. 109).
Go’s compiler also allows instrumentation to be included in a binary, which permits detection of race conditions at runtime. This is extremely useful for identifying potentially exploitable races as an attacker, but it can also be leveraged to identify incorrect handling of defer, panic, and recover . We built trailofbits/on-edge to do exactly this: Identify global state changes between a function entrypoint and the point at which a function panics, and exfiltrate this information through the Go race detector. More in-depth use of OnEdge can be found in our previous blog post, “Panicking the Right Way in Go.”
In practice, we recommend using:
- dvyukov/go-fuzz to build harnesses for components parsing input,
- google/gofuzz for testing structure validations,
- leanovate/gopter for augmenting existing unit and integration tests and testing specification correctness, and
- trailofbits/krf and trailofbits/on-edge for testing error handling.
All of these tools, with the exception of KRF, require a bit of effort to use in practice.
Using the compiler to our advantage
The Go compiler has many built-in features and directives that aid in finding bugs. These features are hidden in and throughout various switches, and require a bit of configuration for our purposes.
Subverting the type system
Sometimes when attempting to test the functionality of a system, the exported functions aren’t what we want to test. Getting testable access to the desired functions may require renaming a lot of them so they can be exported, which can be burdensome. To help address this problem, the build directives of the compiler can be used to perform name linking, accessing controls provided by the export system. As an example of this functionality, the program below (graciously extracted from a Stack Overflow answer ) accesses the unexported reflect.typelinks function and subsequently iterates the type link table to identify types present in the compiled program.
Figure 10: A generalized version of the Stack Overflow answer, using the link name build directive.
Figure 11: The output of the typelinks table.
In situations where you need even more granular control at runtime (i.e., more than just the link name directive), you can write in Go’s intermediate assembly and include it during compilation. While it may be incomplete and slightly out of date in some places, the teh-cmc/go-internals repository provides a great introduction to how Go assembles functions.
Compiler-generated coverage maps
To help with testing, the Go compiler can perform preprocessing to generate coverage information . This is intended for identifying unit and integration testing coverage information, but we can also use it to identify coverage generated by our fuzzing and property testing. Filippo Valsorda provides a simple example of this in a blog post .
Type-width safety
Go has support for automatically determining the size of integers and floating-point numbers based on the target platform. However, it also allows for fixed-width definitions, such as int32 and int64 . When mixing both automatic and fixed-width sizes, there are opportunities for incorrect assumptions about behavior across multiple target platforms.
Testing against both 32-bit and 64-bit platform builds of a target will help identify platform-specific problems. These problems tend to be found in areas performing validation, decoding, or type conversion, where improper assumptions about the source and destination type properties are made. Examples of this were identified in the Kubernetes security assessment, specifically TOB-K8S-015: Overflows when using strconv.Atoi and downcasting the result (pg. 42 in the Kubernetes Final Report ), with an example inlined below.
Figure 12: An example of downcasting to a fixed-width integer from an automatic-width integer (returned by Atoi).
Figure 13: The resulting overflow from incorrect type-width assumptions.
In practice, the type system subversion is rarely necessary. The most interesting targets for testing are already exported, available through traditional imports. We recommend using this only when helpers and similar unexported functions are required for testing. As for testing type-width safety, we recommend compiling against all targets when possible, even if it is not directly supported, since problems may be more apparent on different targets. Finally, we recommend generating coverage reports on projects with unit and integration tests, at a minimum. It helps identify areas that are not directly tested, which can be prioritized for review.
A note about dependencies
In languages such as JavaScript and Rust , dependency managers have built-in support for dependency auditing—scanning project dependencies for versions known to have vulnerabilities. In Go, no such tool exists, at least not in a publicly available and non-experimental state.
This lack likely stems from the fact that there are many different methods of dependency management: go-mod , go-get , vendored , etc. These various methods use radically different approaches, resulting in no straightforward way to universally identify dependencies and their versions. Furthermore, in some cases it is common for developers to subsequently modify their vendored dependency source code.
The problem of dependency management has progressed over the years of Go’s development, and most developers are moving towards the use of go mod . This allows dependencies to be tracked and versioned within a project through the go.mod file , opening the door for future dependency scanning efforts. An example of such an effort can be seen within the OWASP DependencyCheck tool, which has an experimental go mod plugin .
Ultimately, there are quite a few tools available for use within the Go ecosystem. Although mostly disparate, the various static analysis tools help identify “low hanging fruit” within a given project. When looking for deeper concerns, fuzzing, property testing, and fault injection tools are readily available. Compiler configuration subsequently augments the dynamic techniques, making it easier to build harnesses and evaluate their effectiveness.
Interested in seeing these techniques shake out bugs in your Go systems? Trail of Bits can make that happen. Do you want custom analysis built specifically for your organization? We do that too. Contact us !
Share this:
5 thoughts on “ security assessment techniques for go projects ”.
Pingback: Security assessment techniques for Go projects – Hacker News Robot
Excellent post thanks a lot for sharing this, secure development practices are very important in product development. Wanted to give a shout-out to https://github.com/golangci/golangci-lint for bringing some of the linters mentioned in the post into a nice bundle.
Pingback: Security assessment techniques for Go projects - Golang News
Actually, Snyk is free and the CLI is open source tool for security vulnerabilities scanning and it supports Go projects that are managed with dep, govendor or go modules. How to get started here: https://snyk.io/docs/snyk-for-golang/ and there’s a whole vulnerabilities database open to browsing at https://snyk.io/vuln?type=golang for Golang.
Full disclosure: I’m a developer advocate at Snyk
CodeQL is a tool for static analysis that supports Go
https://help.semmle.com/QL/learn-ql/go/ql-for-go.html
It’s free for open-source projects and I think they offer options to use it for proprietary software. In fact, the rules for detecting issues are open-sourced. Anybody can contribute.
Leave a Reply Cancel reply
Discover more from trail of bits blog.
Subscribe now to keep reading and get access to the full archive.
Type your email…
Continue reading
Golang lint - Different methods with Best Practices
September 29, 2022
Linting Go Code
In this article, I will demonstrate how to use lint tools in Golang. A linter is a tool that checks code files using a set of rules that describe problems that cause confusion, produce unexpected results, or reduce the readability of the code. Furthermore, lint can help us find potential bugs in the code, such as assigning undeclared variables, which can cause runtime errors, or getting the value from a global variable, which makes debugging difficult, and so on.
Some go packages which can be used to perform linting such as:
- go vet detects suspicious constructs that the compile may skip, but it only catches a limited number of potential issues such as calling fmt.Printf with the wrong arguments.
- errcheck , An error checker
- golangCI-lint , It’s a linting tool that provides a facade on top of many useful linters and formatters. Also, it allows running the linters in parallel to improve analysis speed, which is quite handy.
We can also use golint which is maintained by the Go developers. It is intended to enforce the coding conventions described in Effective Go . But for now, this project is frozen and deprecated . You can refer to ' freeze and deprecate golint thread ' to read more.
Besides linters, we should also use code formatters to fix code style. Here is a list of some code formatters for you to try:
- gofmt package, which is already present in the installation, so we can run it to automatically indent and format your code. Note that it uses tabs for indentation and blanks for alignment
- goimports , A standard Go imports formatter
Using Golang Vet for linting
go vet : Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string. Vet uses heuristics that do not guarantee all reports are genuine problems, but it can find errors not caught by the compilers.
Let's look at this below example to understand how Golang Vet works:
When we run 'go run main.go', the output will be:
When we run "go vet main.go", the output will be:
Using gofmt to for formatting
The gofmt formatting don’t affect the execution of the code—rather, they improve codebase readability by ensuring that the code is visually consistent. gofmt focuses on things like indentation, whitespace, comments, and general code succinctness. We have written a dedicate chapter on go formatting .
To check files for unnecessary parentheses:
To remove the parentheses:
Consider the below example to see how gofmt format the code:
The program will automatically format to this:
Using GolangCI-Lint to lint go program
Golangci-lint is a Go linters tool that runs linters in parallel, reuses the Go build cache, and caches analysis results for significantly improved performance on subsequent runs, is the preferred way to configure linting in Go projects
For convenience and performance reasons, the golangci-lint project was created to aggregate and run several individual linters in parallel. When you install the program, it will include about 48 linters (at the time of writing), and you can then choose which ones are important for your project.
Set up environment
To install golangci-lint , run the command below:
To see a list of supported linters and which linters are enabled/disabled:
Perform Test Run
You may encounter errors if you run the enabled linters from the root of your project directory. Each problem is reported with all of the context you need to fix it, including a brief description of the problem as well as the file and line number where it occurred.
By passing the path, you can specify which directories and files to analyze.
Configuring GolangCI-Lint
The config file has lower priority than command-line options. If the same bool/string/int option is provided on the command-line and in the config file, the option from command-line will be used. Slice options (e.g. list of enabled/disabled linters) are combined from the command-line and config file.
Config File
GolangCI-Lint looks for config files in the following paths from the current working directory:
- .golangci.yml
- .golangci.yaml
- .golangci.toml
- .golangci.json
Example of .golangci.yaml config file:
Command-Line Options
Pass -E/--enable to enable linter and -D/--disable to disable:
Suppressing linting errors
Disabling specific linting issues that arise in a file or package is sometimes necessary. This can be accomplished in two ways: via the nolint directive and via exclusion rules in the configuration file.
The nolint directive
Here is an example of generating a random number:
When we run golangci-lint run -E gosec lint.go the output will be:
The linter recommends using the Int method from crypto/rand instead because it is more cryptographically secure, but it has a less friendly API and slower performance. You can ignore the error by adding a nolint directive to the relevant line:
This inline use of nolint disables all linting issues detected for that line. You can disable issues from a specific linter by naming it in the directive (recommended).
When a nolint directive is used at the top of a file, it disables all linting issues for that file:
Exclusion rules
Exclude Issue by Text : Exclude issue by text using command-line option -e or config option issues.exclude . It's helpful when you decided to ignore all issues of this type. Also, you can use issues.exclude-rules config option for per-path or per-linter configuration.
Exclude Issues by Path:
Exclude issues in path by run.skip-dirs , run.skip-files or issues.exclude-rules config options. In the following example, all the reports from the linters (linters) that concerns the path (path) are excluded:
The code checking tools mentioned above are mostly the "official" ones (the ones maintained by Golang developers). IDE integrations are a nice benefit of having official tooling. For example, Goland includes gofmt support, and VSCode includes an official Go extension that can check your code whenever you save a file.
There are plenty of great options for keeping your code clean and consistent, whether you use these official code checkers or others provided by the community. This article should have given you a better understanding of how to use go vet , gofmt to benefit your code.
https://pkg.go.dev/cmd/vet https://github.com/golangci/golangci-lint https://pkg.go.dev/cmd/gofmt https://pkg.go.dev/golang.org/x/lint/golint https://go.dev/doc/effective_go
Tuan Nguyen
He is proficient in Golang, Python, Java, MongoDB, Selenium, Spring Boot, Kubernetes, Scrapy, API development, Docker, Data Scraping, PrimeFaces, Linux, Data Structures, and Data Mining. With expertise spanning these technologies, he develops robust solutions and implements efficient data processing and management strategies across various projects and platforms. You can connect with him on his LinkedIn profile.
Can't find what you're searching for? Let us assist you.
Enter your query below, and we'll provide instant results tailored to your needs.
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can send mail to [email protected]
Thank You for your support!!
Leave a Comment Cancel reply
Save my name and email in this browser for the next time I comment.
Notify me via e-mail if anyone answers my comment.
We try to offer easy-to-follow guides and tips on various topics such as Linux, Cloud Computing, Programming Languages, Ethical Hacking and much more.
Recent Comments
Popular posts, 7 tools to detect memory leaks with examples, 100+ linux commands cheat sheet & examples, tutorial: beginners guide on linux memory management, top 15 tools to monitor disk io performance with examples, overview on different disk types and disk interface types, 6 ssh authentication methods to secure connection (sshd_config), how to check security updates list & perform linux patch management rhel 6/7/8, 8 ways to prevent brute force ssh attacks in linux (centos/rhel 7).
Privacy Policy
HTML Sitemap
|
COMMENTS
Jun 23, 2021 at 5:25. 2. @Ishmeet, note that the linter wasn't forcing you to use a var declaration; instead it hinted at that you might have a bug in your code—because the first assignment could be way more involved like assigning the return value of some function call which would return a value inintialized in a complicated way, and ...
That's why you get a warning: you modify a field which you never use: you don't use in in the method after the assignment, and you can't possibly use it anywhere else, because after returning from the method, the effect of the assignment is lost. If you need to retain the changes, you must use a pointer receiver (p *Player) and modify the ...
Ineffectual assignment to err is a common problem in software development. It occurs when a developer assigns a value to a variable that is not used in the code. This can lead to errors and bugs that can be difficult to track down. There are a number of reasons why ineffectual assignment to err occurs.
ineffassign version: last version available go version: go version go1.18.3 Running the linter when interacting with a var after passing it to a deferred function call marks it as ineffectual assignment package main import "errors" func ...
ineffassign. Detect ineffectual assignments in Go code. An assignment is ineffectual if the variable assigned is not thereafter used. This tool misses some cases because it does not consider any type information in its analysis. For example, assignments to struct fields are never marked as ineffectual. It should, however, never give any false ...
There are static code checkers which detect such, for example golangci-lint and staticcheck $ golangci-lint run x.go:15:8: ineffectual assignment to err (ineffassign) num2, err := strconv.Atoi("a") $ $ staticcheck ./... x.go:15:2: this value of err is never used (SA4006)
Checklist I'm using the latest version of the extension (Run glab...
Hi, if it's possible, I would like to work on this. I had run ineffassign on x/text again an found more results. See the the updated list below. Almost all issues can be easily fixed by simply removing or refactoring the ineffectual assignments clauses.
If you're using errno, then it's even easier as C doesn't require that you assign the result of an operation: errno && step1(); errno && step2(); return errno; If you're feeling clever, you can use setjmp() and longjmp(). This is really nice for more C++ like exception handling and in most cases, is faster.
The reason for that is that they are the best bang for your buck by far. They are easy to appease, I have yet to see them produce false positives, they very frequently catch outright buggy code and retrofitting them is a pain.
As a result, we've been adapting for Go projects some of the security assessment techniques and tactics we've used with other compiled languages. ... Figure 1: An example program showing an ineffectual assignment of err tricking go-vet and errcheck into considering err as checked. $ go run . false : true $ errcheck .
A linter is a tool that checks code files using a set of rules that describe problems that cause confusion, produce unexpected results, or reduce the readability of the code. Furthermore, lint can help us find potential bugs in the code, such as assigning undeclared variables, which can cause runtime errors, or getting the value from a global ...
area/testing Issue related to testing the operator-sdk and subcomponents good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/flake Categorizes issue or PR as related to a flaky test.
This is much worse! And the compiler doesn't complain. Fortunately there's a linter called ineffassign that tracks ineffective assignments, and it's part of gometalinter and golangci-lint. But not "go vet". And there's no linter that can detect the first example that I gave. Shadowing is a pet peeve of mine.
Package ineffassign implements a static analyzer to ensure that there are no ineffectual assignments in source code. Skip to Main Content . Why Go Case Studies Common problems companies solve with Go. Use Cases Stories about how and why companies use Go. Security Policy How Go can help keep you secure by default ...
ineffassign. Detect ineffectual assignments in Go code. An assignment is ineffectual if the variable assigned is not thereafter used. This tool misses some cases because it does not consider any type information in its analysis. For example, assignments to struct fields are never marked as ineffectual. It should, however, never give any false ...
Saved searches Use saved searches to filter your results more quickly
ineffassign. Detect ineffectual assignments in Go code. This tool misses some cases because does not consider any type information in its analysis. (For example, assignments to struct fields are never marked as ineffectual.) It should, however, never give any false positives.
Across the codebase, there are several instances in which ineffectual assignment could result in unintentional side effects due to unused variable values. While not all of these instances are directly problematic, future changes could result in undesirable effects.
Detect ineffectual assignments in Go code. This tool misses some cases because does not consider any type information in its analysis. (For example, assignments to struct fields are never marked as ineffectual.) It should, however, never give any false positives.